The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is on everyone's lips. How do we prepare ourselves? Here we present what we know about it and how it could affect Passcreator and our users. This information is provided as a resource but does not constitute legal advice. We recommend that you speak with a lawyer to learn how GDPR could affect your business.
Who and What
The GDPR is a data protection act of the European Union (EU) which will affect companies all over the world when it becomes enforceable as of 25 May 2018. It regulates how organizations, including organizations outside the EU, treat or use personal data of EU citizens. Personal data is any data that can be used alone or in combination with other data to identify a person. When collecting, modifying, transferring, deleting or otherwise using or storing personal data of EU citizens, you must comply with the GDPR. The GDPR replaces the older Data Protection Directive 95/46/EC and introduces some important changes that may affect Passcreator users.
The processing of personal data of an EU citizen requires a legal basis such as consent. According to the GDPR, you may use a different legal basis for the processing of personal data, but we assume that the majority of Passcreator users will rely on consent. Such consent must be explicit and verifiable.
Verifiable consent requires a written record of when and how someone has agreed that you may process personal data. The Passcreator registration form asks for the following information: company name, street, postal code, city, country, first name, surname, e-mail address, language and a password. By ticking checkboxes, you have to agree to our terms and conditions and to the explanation that an Apple Developer account is needed to create Wallet passes.
Explicit consent requires that each user (customer) carries out an action to give approval. That approval cannot be given via a pre-selected field. Furthermore, the opt-in message that is used must indicate all the ways in which the personal data might be used. For a Passcreator user, this could mean, for example, that a user agrees that one or all of the following steps can be performed:
- Transfer of data to Passcreator
- Saving your data in your Passcreator profile
- Send Wallet cards from your Passcreator account
- Track statistics of Wallet campaigns
The GDPR also describes the rights of individuals with regard to their personal data. EU citizens have the right to request details of how personal data will be used and to determine how it will be handled.
You should be prepared to handle requests from individuals to have their personal data corrected or completed, forwarded to another organization, prohibited from use for certain purposes, or removed completely. Be prepared in time.
You should also be able to tell on request how personal data is stored and what you use it for. When you’re asked for it, you must also provide the data or a way to download the data you’ve stored about an individual.
What can you do?
If you use Passcreator's mobile marketing wallet cards, your data is well protected.
All data that you provide are stored in a compliant and secure way. Regardless of which opt-in method you choose on your data collection page, you must have the consent of your users. If you rely on consent to the processing of personal data, check where and why your users have shared their data with you to ensure that the consent you have received complies with GDPR standards. If you’re using the Passcreator API to integrate other applications, make sure that you have the consent of users whose data you transfer to us.
Another good way to prepare for the GDPR is to educate yourself. We want to help our users prepare for the necessary changes. The rules of the GDPR could also affect your business beyond the way you use Passcreator.
Here’s some additional information you might find helpful.
Follow this link: DSGVO
What does Passcreator do to prepare?
We have familiarized ourselves with the GDPR and have recently changed or adapted many of our internal practices and guidelines because we have committed ourselves to achieving compliance with the GDPR in a timely manner. For example, we are in the process of updating our data processing agreement and contracts with third parties to comply with GDPR. We are also reviewing the effects of GDPR on the use of Passcreator to make it more practical for users who are subject to GDPR.
As more information becomes available and our knowledge advances, we will continue to look for ways to help our users around the world prepare for the GDPR.